Prośba o utoworzenie fixlist do programu frst (safe finder)

[nyge]

Witam.

Zwracam się z prośbą o utworzenie pliku fixlist.txt do FRST w celu pozbycia się Safe Finder-a.

Załączam logi z FRST:

Z góry dzięki za wszelką pomoc.

[ordynat]

1) Spróbuj odinstalować ten program:

SafeFinder (HKLM\...\{D2C56B99-8904-47AB-826C-20E26F357213}) (Version: 1.0.0.0 - Linkury)

2) Otwórz Notatnik i wklej w nim:

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""
HKU\S-1-5-21-1343024091-764733703-725345543-1004\Software\Classes\.exe: exefile => "%1" %* <===== UWAGA
HKU\S-1-5-21-1343024091-764733703-725345543-1004\Software\Classes\exefile: "%1" %* <===== UWAGA
C:\Documents and Settings\All Users\Dane aplikacji\Lightzap\Lightzap.exe
C:\Documents and Settings\All Users\Dane aplikacji\Lightzap
HKU\S-1-5-21-1343024091-764733703-725345543-1004\...\Run: [] => [X]
AppInit_DLLs: C:\DOCUME~1\ALLUSE~1\DANEAP~1\Lightzap\Sublatplus.dll => C:\Documents and Settings\All Users\Dane aplikacji\Lightzap\Sublatplus.dll [320512 2015-10-28] ()
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKU\S-1-5-21-1343024091-764733703-725345543-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csIQG0rYIORdkjluo8bgJQKy59KfM5zlJUzP7P1YuxSvVojfkFvlnPHPr5ZpL8pq_Xpmow76QaMi0R9oDovfp_xLkxmwhNcIHTS6d_zeUGxW6IyjyZtzCNn-P6YMSL9oCo8QdWqkrOu9pw,,
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csIQG0rYIORdkjluo8bgJQKy59KfM5zlJUzP7P1YuxSvVojfkFvlnPHPr5ZpL8pq_XY-c9sswK6DGQwzrovN1KNgr8C6puD1puhYqPgE0dH8tQ6DVHsMfTd-XAl0_OuOLPCtU6lC3kEAqw,,&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csIQG0rYIORdkjluo8bgJQKy59KfM5zlJUzP7P1YuxSvVojfkFvlnPHPr5ZpL8pq_XY-c9sswK6DGQwzrovN1KNgr8C6puD1puhYqPgE0dH8tQ6DVHsMfTd-XAl0_OuOLPCtU6lC3kEAqw,,&q={searchTerms}
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csIQG0rYIORdkjluo8bgJQKy59KfM5zlJUzP7P1YuxSvVojfkFvlnPHPr5ZpL8pq_XY-c9sswK6DGQwzrovN1KNgr8C6puD1puhYqPgE0dH8tQ6DVHsMfTd-XAl0_OuOLPCtU6lC3kEAqw,,&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csIQG0rYIORdkjluo8bgJQKy59KfM5zlJUzP7P1YuxSvVojfkFvlnPHPr5ZpL8pq_Xpmow76QaMi0R9oDovfp_xLkxmwhNcIHTS6d_zeUGxW6IyjyZtzCNn-P6YMSL9oCo8QdWqkrOu9pw,,
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csIQG0rYIORdkjluo8bgJQKy59KfM5zlJUzP7P1YuxSvVojfkFvlnPHPr5ZpL8pq_XY-c9sswK6DGQwzrovN1KNgr8C6puD1puhYqPgE0dH8tQ6DVHsMfTd-XAl0_OuOLPCtU6lC3kEAqw,,&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csIQG0rYIORdkjluo8bgJQKy59KfM5zlJUzP7P1YuxSvVojfkFvlnPHPr5ZpL8pq_XY-c9sswK6DGQwzrovN1KNgr8C6puD1puhYqPgE0dH8tQ6DVHsMfTd-XAl0_OuOLPCtU6lC3kEAqw,,&q={searchTerms}
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csIQG0rYIORdkjluo8bgJQKy59KfM5zlJUzP7P1YuxSvVojfkFvlnPHPr5ZpL8pq_XY-c9sswK6DGQwzrovN1KNgr8C6puD1puhYqPgE0dH8tQ6DVHsMfTd-XAl0_OuOLPCtU6lC3kEAqw,,&q={searchTerms}
HKU\S-1-5-21-1343024091-764733703-725345543-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csIQG0rYIORdkjluo8bgJQKy59KfM5zlJUzP7P1YuxSvVojfkFvlnPHPr5ZpL8pq_Xpmow76QaMi0R9oDovfp_xLkxmwhNcIHTS6d_zeUGxW6IyjyZtzCNn-P6YMSL9oCo8QdWqkrOu9pw,,
HKU\S-1-5-21-1343024091-764733703-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csIQG0rYIORdkjluo8bgJQKy59KfM5zlJUzP7P1YuxSvVojfkFvlnPHPr5ZpL8pq_XY-c9sswK6DGQwzrovN1KNgr8C6puD1puhYqPgE0dH8tQ6DVHsMfTd-XAl0_OuOLPCtU6lC3kEAqw,,&q={searchTerms}
HKU\S-1-5-21-1343024091-764733703-725345543-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csIQG0rYIORdkjluo8bgJQKy59KfM5zlJUzP7P1YuxSvVojfkFvlnPHPr5ZpL8pq_XY-c9sswK6DGQwzrovN1KNgr8C6puD1puhYqPgE0dH8tQ6DVHsMfTd-XAl0_OuOLPCtU6lC3kEAqw,,&q={searchTerms}
HKU\S-1-5-21-1343024091-764733703-725345543-1004\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3csIQG0rYIORdkjluo8bgJQKy59KfM5zlJUzP7P1YuxSvVojfkFvlnPHPr5ZpL8pq_XY-c9sswK6DGQwzrovN1KNgr8C6puD1puhYqPgE0dH8tQ6DVHsMfTd-XAl0_OuOLPCtU6lC3kEAqw,,&q={searchTerms}
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "hxxp://www.interia.pl/#utm_source=instalki1&utm_medium=installer&utm_campaign=instalki1&iwa_source=installer_instalki" <======= UWAGA
SearchScopes: HKLM -> DefaultScope {ielnksrch} URL =
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
S3 AsrCDDrv; \??\C:\WINDOWS\system32\Drivers\AsrCDDrv.sys [X]
S3 DOSMEMIO; \??\E:\MEMIO.SYS [X]
S4 IntelIde; Brak ImagePath
S3 massfilter_lte; \??\C:\WINDOWS\system32\drivers\massfilter_lte.sys [X]
S3 ProcObsrv; \??\C:\Program Files\Glary Utilities 3\ProcObsrv.sys [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
S2 WinFLdrv; system32\WinFLdrv.sys [X]
S3 zgdcat; system32\DRIVERS\zgdcat.sys [X]
S3 zgdcdiag; system32\DRIVERS\zgdcdiag.sys [X]
S3 zgdcmdm; system32\DRIVERS\zgdcmdm.sys [X]
S3 zgdcnet; system32\DRIVERS\zgdcnet.sys [X]
S3 zgdcnmea; system32\DRIVERS\zgdcnmea.sys [X]
2015-10-28 12:03 - 2015-10-28 12:03 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Lightzaps
2015-10-28 12:02 - 2015-10-29 10:23 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Lightzap
C:\Documents and Settings\Norbert\Ustawienia lokalne\Dane aplikacji\1jt85an2g145o0y0qqomr582hicxyqw1rs8
2015-02-21 17:10 - 2015-02-21 17:10 - 0613057 _____ (CMI Limited) C:\Documents and Settings\Norbert\Ustawienia lokalne\Dane aplikacji\nsj17F.tmp
2015-02-21 20:41 - 2015-02-21 20:41 - 0354952 _____ (AnySend.com) C:\Documents and Settings\Norbert\Ustawienia lokalne\Dane aplikacji\nsp39.tmp
2015-02-21 16:42 - 2015-02-21 16:42 - 0613057 _____ (CMI Limited) C:\Documents and Settings\Norbert\Ustawienia lokalne\Dane aplikacji\nst90.tmp
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).
Powstanie plik fixlog.txt.
Daj ten log.

3) Zrób nowe logi FRST.
.

[nyge]

Odinstalowałem Safe Finder i przeskanowałem system AdwCleanerm i CCleanerem i problem znikł.

Dzięki za zainteresowanie i sugestie.